IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-04-16
Updated
2024-04-17
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-05-18
Updated
2024-05-20
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-04-10
Updated
2024-04-10
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-04-10
Updated
2024-04-10
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-04-10
Updated
2024-04-10
IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-04-27
Updated
2024-04-29
IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-03-03
Updated
2024-03-04
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-05-01
Updated
2024-05-01
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-02-10
Updated
2024-02-16
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.
Source: IBM Corporation
Max CVSS
7.0
EPSS Score
0.04%
Published
2024-04-17
Updated
2024-04-17
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-03-31
Updated
2024-05-16
IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-04-06
Updated
2024-04-08
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
Source: IBM Corporation
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-10
Updated
2024-02-15
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-02-02
Updated
2024-02-12
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-02-02
Updated
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-02-02
Updated
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-02-02
Updated
2024-02-02
In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-12-25
Updated
2024-01-03
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527.
Source: IBM Corporation
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-05-11
Updated
2024-05-14
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-12-20
Updated
2023-12-22
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-12-04
Updated
2024-01-19
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.06%
Published
2024-02-07
Updated
2024-02-15
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.06%
Published
2024-01-22
Updated
2024-03-07
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-02-02
Updated
2024-02-08
1183 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!